-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Combined KSPM and Runtime Security for Helm release
- Loading branch information
1 parent
79a198f
commit 3f5b6ae
Showing
38 changed files
with
85 additions
and
123 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| name: KSPM-Runtime Workflow | ||
|
|
||
| on: | ||
| push: | ||
| tags: | ||
| - "v[0-9]+.[0-9]+.[0-9]+" | ||
| - "v[0-9]+.[0-9]+.[0-9]+-*" | ||
| pull_request_target: | ||
| branches: | ||
| - "*" | ||
|
|
||
|
|
||
| jobs: | ||
| tag-validate: | ||
| runs-on: ubuntu-latest | ||
| if: startsWith(github.ref, 'refs/tags/v') | ||
| steps: | ||
| - uses: rubenesp87/[email protected] | ||
| with: | ||
| version: ${{ github.ref_name }} | ||
|
|
||
| helm_chart_validation: | ||
| runs-on: ubuntu-latest | ||
| if: always() && !contains(needs.tag-validate.result, 'failure') | ||
| needs: [tag-validate] | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v2 | ||
|
|
||
| - name: Install Helm | ||
| run: | | ||
| curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | ||
| chmod 700 get_helm.sh | ||
| ./get_helm.sh | ||
| - name: Update Helm Dependencies | ||
| run: | | ||
| cd kspm-runtime | ||
| helm dependency update | ||
| - name: Validate Helm charts | ||
| run: | | ||
| helm lint kspm-runtime | ||
| helm template kspm-runtime --dry-run > /dev/null | ||
| helm_push_to_ecr: | ||
| runs-on: ubuntu-latest | ||
| needs: [helm_chart_validation] | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v2 | ||
|
|
||
| - name: Set up AWS Credentials | ||
| uses: aws-actions/configure-aws-credentials@v2 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws-region: us-east-1 | ||
|
|
||
| - name: Install Helm | ||
| run: | | ||
| curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | ||
| chmod 700 get_helm.sh | ||
| ./get_helm.sh | ||
| - name: Login to AWS ECR | ||
| run: | | ||
| aws ecr-public get-login-password --region us-east-1 | helm registry login --username AWS --password-stdin ${{ secrets.REPO }} | ||
| - name: Update Helm Dependencies | ||
| run: | | ||
| cd kspm-runtime | ||
| helm dependency update | ||
| - name: Chart versioning | ||
| if: ( github.event_name != 'pull_request' && github.event_name != 'pull_request_target' ) | ||
| run: | | ||
| sed -i "s/^version:.*$/version: ${{ github.ref_name }}/" kspm-runtime/Chart.yaml | ||
| sed -i "s/^appVersion:.*$/appVersion: ${{ github.ref_name }}/" kspm-runtime/Chart.yaml | ||
| - name: Package and Push Helm Chart | ||
| run: | | ||
| helm package kspm-runtime | ||
| HELM_PACKAGE=$(ls kspm-runtime-*.tgz) | ||
| helm push $HELM_PACKAGE oci://${{ secrets.REPO }} |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.